Safeguard
Tag

zero-day

Safeguard articles tagged "zero-day" — guides, analysis, and best practices for software supply chain and application security.

80 articles

Vulnerability Analysis

MOVEit Transfer CVE-2023-34362: The Zero-Day That Hit Thousands

The MOVEit Transfer SQL injection zero-day exploited by Cl0p ransomware gang became 2023's most impactful vulnerability. Here's the full technical analysis.

Jun 1, 20236 min read
Vulnerability Analysis

FortiGate SSL-VPN Zero-Day (CVE-2022-42475): How a Heap Overflow Gave Attackers the Keys

A heap-based buffer overflow in Fortinet's SSL-VPN was actively exploited before disclosure. State-sponsored actors used it to deploy custom implants on critical infrastructure.

Dec 12, 20226 min read
Zero-Day Exploits

ProxyNotShell CVE-2022-41040: Microsoft Exchange Under Fire Again

ProxyNotShell chained two Exchange vulnerabilities for authenticated RCE, exploited in the wild for weeks before Microsoft delivered a patch. Exchange admins were running out of patience.

Sep 30, 20226 min read
Vulnerability Analysis

Follina (CVE-2022-30190): The Microsoft Zero-Day That Bypassed Macro Protections

A Word document, no macros enabled, and full remote code execution. Follina exploited the Microsoft Support Diagnostic Tool via ms-msdt protocol handlers, rendering years of macro-blocking defenses irrelevant.

Jun 10, 20227 min read
Vulnerability Analysis

Confluence Zero-Day (CVE-2022-26134): Atlassian's OGNL Injection Crisis

An unauthenticated RCE zero-day in Confluence Server was being actively exploited before Atlassian even knew about it. The vulnerability affected virtually every on-premise Confluence installation.

Jun 3, 20225 min read
Vulnerability Analysis

Log4Shell Vulnerability (CVE-2021-44228) Explained

The most critical vulnerability in a decade dropped on a Friday. Log4Shell affects virtually every Java application and is trivial to exploit. Here's what happened.

Dec 13, 20215 min read
Vulnerability Research

Zero-Day Vulnerabilities in Open Source: 2021 in Review

2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.

Nov 28, 20217 min read
Zero-Day Exploits

Microsoft Exchange HAFNIUM Attack: Four Zero-Days That Compromised 30,000 Organizations

Chinese state-sponsored group HAFNIUM exploited four zero-day vulnerabilities in Microsoft Exchange Server, compromising an estimated 30,000 US organizations and hundreds of thousands globally.

Jun 20, 20215 min read
zero-day (Page 7) — Safeguard Blog